
Revision as of 18:17, 2 January 2012

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs -- too many password failures, seeking exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email, or ejecting the CD-ROM tray) could also be configured. Out of the box, Fail2Ban comes with filters for various services (apache, courier, ssh, etc.).
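
The filter-then-ban mechanism described above, as an added sketch that is not Fail2ban's own code. The log lines are constructed, the function names are hypothetical, and the parameters are named after Fail2ban's maxretry, findtime and bantime jail options.

```python
import re
from collections import defaultdict, deque

# Constructed sshd-style lines; an epoch-seconds prefix stands in for the real
# syslog timestamp to keep parsing short. Addresses are documentation ranges.
SAMPLE_LOG = """\
1000 sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2
1005 sshd[411]: Failed password for admin from 203.0.113.7 port 4023 ssh2
1007 sshd[412]: Accepted password for alice from 198.51.100.4 port 5100 ssh2
1010 sshd[413]: Failed password for invalid user test from 203.0.113.7 port 4024 ssh2
1020 sshd[414]: Failed password for bob from 198.51.100.9 port 6000 ssh2
1900 sshd[415]: Failed password for bob from 198.51.100.9 port 6001 ssh2
"""

# The "filter": anchored at both ends, user name limited to one token, so the
# banned host is always taken from the position where sshd writes it.
FAILREGEX = re.compile(
    r"^(?P<ts>\d+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def scan(lines, maxretry=3, findtime=600, bantime=3600):
    """Return [(ban_ts, host, unban_ts)] for hosts reaching maxretry
    failures within findtime seconds; each ban lasts bantime seconds."""
    failures = defaultdict(deque)   # host -> timestamps of recent failures
    banned_until = {}               # host -> expiry of the current ban
    bans = []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue                # successful logins and unrelated lines
        ts, host = int(m["ts"]), m["host"]
        if banned_until.get(host, 0) > ts:
            continue                # already banned, nothing more to do
        window = failures[host]
        window.append(ts)
        while window[0] <= ts - findtime:
            window.popleft()        # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[host] = ts + bantime
            bans.append((ts, host, ts + bantime))  # the "action" would run here
            window.clear()
    return bans

def active_bans(bans, now):
    """Hosts whose ban has not yet expired at time `now`."""
    return sorted(host for _, host, until in bans if until > now)
```

In Fail2ban itself the pattern lives in a filter definition and the ban step is whatever action the jail configures, typically a firewall rule that is removed again when the ban time expires.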